Skip to main navigation Skip to main content Skip to footer
  • For Medicare
  • For Providers
  • For Brokers
  • For Employers
  • Search
    Search
    Español
  • For Individuals & Families:
  • For Individuals & Families:
  • Shop for Plans

    Shop for Plans

    • Plans through your employer
    • Learn about the medical, dental, pharmacy, behavioral, and voluntary benefits your employer may offer.
    • Explore coverage through work
  • Log in to myCigna
  • Log in to myCigna
  • Shop for Plans

    Shop for Plans

  • Member Guide
  • Find a Doctor
  • Home Legal Privacy Sharing and Protecting Your Health Care Data

    Sharing and Protecting Your Health Care Data

    Data-Sharing with applications (Apps) under the CMS Interoperability and Patient Access Rule.

    In 2020, the Center for Medicare and Medicaid Services (CMS) enacted the Interoperability and Patient Access Rule (CMS Interoperability Rule). This rule enables customers of certain health plans to easily access their claims and information about their visits with providers, including cost and certain specified clinical information maintained by their plans, through third-party applications (Apps) of their choice.

    Sharing Your Data

    The CMS Interoperability Rule enables customers of certain plans to access their health care data through a number of different health care applications. As a result, customers have the ability to view their health care data and share their health care data in new ways with other parties, such as providers or caregivers.

    In order to enable a customer to use an application to access their health care data, the third party application developer must first connect with our system. The customer using the application then may authorize the application to request access to the customer’s data. Consistent with privacy laws, Cigna HealthcareSM protects customers’ health care data when it is in our systems and in connection with its transfer to third parties like applications that customers may use.

    These third party applications that customers use to access to their health care data are not The Cigna GroupSM companies and are not subcontractors for The Cigna Group companies. Cigna Healthcare cannot, and does not, control the actions of external applications customers may use to access their health care data.

    As a result, once you authorize the third party application to access your health information, Cigna Healthcare cannot protect or monitor the maintenance, use, or disclosure of your information. This means, for example, that Cigna Healthcare cannot, and does not, guarantee that any third party application will maintain the privacy and security of your health care data.

    You can use the resources below to understand how to protect the privacy and security of your health information while considering whether to use a particula third party application to access your health care data.

    Special considerations if you are part of an enrollment group in an Individual or Family Plan

    If you are part of an enrollment group under a Qualified Health Plan (QHP) on a Federally- Facilitated Exchange (FFE), please be aware that your data may be combined with other members of their tax household. This means that other individuals on their plan may be able to access their data. Our policy for Individual and Family Plans is that individuals cannot access data from other members of their household unless they are the parent of a minor child or a personal representative of a family member.

    If you are an enrollee of a Cigna Healthcare Individual or Family Plan, please refer to our privacy forms for guidance on how to modify access to your data.

    Selecting an Application

    Before selecting an application to view your health care data, you should review the application’s privacy policy and Terms of Use/Terms of Service. The policy should be understandable and easy to read. Applications often use data they collect on behalf of customers for other purposes. The application’s privacy policy should outline how data will be used and what steps the company has taken to protect the data that they receive and store. Cigna Healthcare does not advise the use of any application which does not have a privacy policy.

    Questions about your health care data to consider as you select an application:

    • What data will this app collect? Will this app collect non-health care data from my device, such as my location?
    • Will my data be stored in a de-identified or anonymized form?
    • How will this app use my data?
    • Will this app disclose my data to third parties?
    • Will this app share my data for any reason, such as advertising or research? If so, with whom? For what purpose?
    • How can I limit this app’s use and disclosure of my data?
    • What security measures does this app use to protect my data?
    • What impact could sharing my data with this app have on others, such as my family members?
    • How can I access my data and correct inaccuracies in data retrieved by this app?
    • Does this app have a process for collecting and responding to user complaints?
    • If I no longer want to use this app, or if I no longer want this app to have access to my data, how do I terminate the app’s access to my data?
    • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
    • How does this app inform users of changes that could affect its privacy practices?

    If the application’s privacy policy does not clearly answer these questions, you should reconsider using the app to access your health care data. Health information is very sensitive information, and you should be careful to choose apps with strong privacy and security standards to protect yourself and your private data.

    Our application attestation process

    When an application developer requests access to your data, it’s our policy to request that they sign a document attesting that their privacy policy contains certain elements to protect your data. Cigna Healthcare cannot require that the application sign and return an attestation before sharing your data. Customers should always review an application’s privacy policy on their own in addition to considering the application’s attestation.

    Cigna Healthcare requests application developers attest to a code of conduct [PDF] that was created by the Creating Access to Real-time Information Now (CARIN) Alliance. The CARIN Alliance is a group of stakeholders representing hospitals, physicians, caregivers, and patients. The CARIN Alliance Code of Conduct sets standards for how consumer health care data will be utilized and protected. The Code of Conduct also requires organizations to be transparent with individuals regarding the application’s use of and security measures protecting an individual’s health care data.

    Applications Approved1 to Access Cigna Healthcare Data

    Apps that completed the CARIN Alliance Code of Conduct bear a special symbol(*) to show they attested to protecting your privacy. Apps that do not bear this symbol have not completed a privacy attestation through the CARIN Alliance.

    Cigna Healthcare has approved the following applications:

    CommonHealth*

    CareEvolution*

    Onerecord*

    Saans-Rover*

    Applications and HIPAA

    The Health Insurance Portability and Accountability Act (HIPAA) protects the use and disclosure of Protected Health Information (PHI), which includes an individual’s medical information as well as personal identifiers such as name, address, date of birth, and Social Security number. Cigna Healthcare is a Covered Entity under HIPAA. Hospitals, providers, and other health care entities may also be covered under HIPAA. Most applications are not covered under HIPAA. If you are a Cigna Healthcare member, you can review our Privacy Policy.

    You can view our HIPAA content fact sheet, which contains information regarding HIPAA regulations as well as information on who must comply with HIPAA.

    To find out more about your rights under HIPAA, visit the U.S. Department of Health and Human Services (HHS) website.

    The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and The Patient Safety and Quality Improvement Act of 2005 (PSQIA). Get more information about filing a complaint to the OCR and what to expect, or file a complaint directly through the OCR portal.

    Applications and Federal Trade Commission Oversight

    Most applications will be regulated by the Federal Trade Commission (FTC). The law that governs application behavior is the Federal Trade Commission Act. This law prohibits, among other things, applications that deceive customers. An example of a deceptive act would be an application that shares an individual’s data without permission even if they have policy that states they will not do so. You can report fraud to the Federal Trade Commission (FTC) to help protect your community.

    Applications That Act in an Inappropriate Manner

    If you feel that your data has been breached or used in an inappropriate manner, please email our Privacy Office or write to:

    Cigna Healthcare
    Privacy Office
    PO Box 188014
    Chattanooga, TN 37422

    1Applications that are approved may not be prepared for customer requests. Please contact the application customer service directly with any questions.

    I want to...
  • Get an ID card
  • File a claim
  • View my claims and EOBs
  • Check coverage under my plan
  • See prescription drug list
  • Find an in-network doctor, dentist, or facility
  • Find a form
  • Find 1095-B tax form information
  • View the Cigna Healthcare Glossary
  • Contact Cigna Healthcare
  • Audiences
  • Individuals and Families
  • Medicare
  • Employers
  • Brokers
  • Providers
  • Third Party Administrators
  • International
  • Manage Your Account
  • myCigna Member Portal
  • Provider Portal
  • Cigna for Employers
  • Cigna for Brokers
  • Cigna Healthcare. All rights reserved.
  • Privacy
  • Terms of Use
  • Legal
  • State Policy Disclosures, Exclusions, and Limitations
  • Transparency in Coverage
  • Customer Rights
  • Accessibility
  • Non-Discrimination Notice
  • Language Assistance [PDF]
  • Report Fraud
  • Sitemap
  • Washington Consumer Health Data Privacy Notice
  • Cookie Settings
  • Disclaimer

    Product availability may vary by location and plan type and is subject to change. All health insurance policies and health benefit plans contain exclusions and limitations. For costs and details of coverage, review your plan documents or contact a Cigna Healthcare representative.

    All Cigna Healthcare products and services are provided exclusively by or through operating subsidiaries of The Cigna Group Corporation, including Cigna Health and Life Insurance Company, Cigna HealthCare of Arizona, Inc., Cigna HealthCare of Georgia, Inc., Cigna HealthCare of Illinois, Inc., Cigna HealthCare of North Carolina, Inc. and Cigna HealthCare of Texas, Inc. Group health insurance and health benefit plans are insured or administered by CHLIC, Connecticut General Life Insurance Company (CGLIC), or their affiliates (see a listing of the legal entities that insure or administer group HMO, dental HMO, and other products or services in your state). Accidental Injury, Critical Illness, and Hospital Care plans or insurance policies are distributed exclusively by or through operating subsidiaries of The Cigna Group Corporation, are administered by Cigna Health and Life Insurance Company, and are insured by either (i) Cigna Health and Life Insurance Company (Bloomfield, CT). The Cigna Healthcare name, logo, and other Cigna Healthcare marks are owned by Cigna Intellectual Property, Inc. This website is not intended for residents of New Mexico.

    Selecting these links will take you away from Cigna.com to another website, which may be a non-Cigna Healthcare website. Cigna Healthcare may not control the content or links of non-Cigna Healthcare websites. Details

    La aseguradora publica el formulario traducido para fines informativos y la versión en inglés prevalece para fines de solicitud e interpretación.

    The insurer is issuing the translated form on an informational basis and the English version is controlling for the purposes of application and interpretation.